Caution! If you want to renew your Apple Push certificate, please follow the procedure described in the Renew certificate section.
If you want to use Cortado MDM for a proof-of-concept, you don’t need to complete any further configuration steps and can get started right away. All the required certificates are already loaded. In a productive environment however, or an environment with more elevated security standards, we recommend that you undertake the following steps.
You need two certificates for the Apple MDM :
- a Apple Push certificate
- a certificate for MDM identification
Request and upload your own Apple Push certificate
Mobile Device Management on iOS devices requires the Apple push certificate, already provided by Apple. If a connection to an Apple device needs to be set up via the Management Console, Cortado sends a corresponding message to the device over the Apple Push Notification Service (APNS) which prompts it to log in to Cortado MDM. So no information is transmitted. The Apple Push Notification Service only wakes the device from hibernation, so that it can be logged on to Cortado MDM. All configuration information, settings and requests go via an (encrypted) SSL connection directly from the management console to the Apple devices.
By default, there is an Apple push certificate already stored in the Corado Management Console. Therefore, the steps described below are only required if your organization wants to use it’s own Apple push certificate.
Requesting and installing an certificate
Before you can request a certificate from Apple, you first have to run a Certificate Signing Request (CSR).
- For CSR, select in the Management Console: Control Panel→ Certificate.
- Under Apple Push Certificate click on Generate Certificate Request (arrow in illus.).
Note! To renew the certificate not use the button Generate Certificate Request. Otherwise you will generate a new certificate which has to be distributed to all users again.
- Fill out the form and confirm with OK.
- Click Download Certificate Request to save the certificate request (arrow in the illus.).
The CSR file will be saved.
- Open the following website: https://go.mycortado.com/web/apns-sign/.
- Log in here with your Cortado ID or simply create a new ID (arrow in illus.).
- Upload the certificate request (CSR) now under Upload CRS on the signing website.
- In step 2 you can download the signed certificate request (CSR).
- Then go to the Apple website (Apple Push Certificates Portal) and log in using your Apple ID.
- Click on Create a Certificate (arrow in illus.).
Note! If you would like to renew an existing certificate, then select your certificate instead and click Renew.
- Select your signed certificate request, and upload it .
- Shortly after, you can download your certificate in .pem format (arrow in illus.).
- Using Upload Apple Certificate you can now upload your certificate.
Export and import certificate
- Save a backup of the certificate in .pfx format with Export Apple Push Certificate (arrow in illus.).
- With this version of the certificate, you can avoid future need for the procedure described above.
- Enter a certificate password and confirm.
- Using Import Apple Push Certificate you can install it again anytime.
- Select the certificate with Choose Certificate and enter the password.
The Apple Push certificate is valid for one year (left arrow in illus.).
- If you would like to extend it beyond that, tap on Renew Apple Certificate under Control Panel→ Certificates→ Apple Push Certificate (right arrow in illus.).
- Then proceed as described above.
The renewed certificate must not be assigned again on the users’ devices.